Chapter 18: Doing Business on the Internet
Business Data Communications, 4e

Security: The Key to E-Commerce
✘ Communications
✘ Encryption
✘ Privacy
✘ Payment systems

SSL & TLS
✘ Secure Socket Layer
✘ Transport Layer Security
✘ Protocols that sit between the underlying transport protocol (TCP) and the application

Secure Socket Layer (SSL)
✘ Originated by Netscape
✘ TLS has been developed by a working group of the IETF, and is essentially SSLv3.1
✘ Provides security at the “socket” level, just above the basic TCP/IP service
✘ Can provide security for a variety of Internet services, not just the WWW

SSL Implementation
✘ Focused on the initialization/handshaking to set up a secure channel
  ✘ Client specifies encryption method and provides challenge text
  ✘ Server authenticates with public key certificate
  ✘ Client sends master key, encrypted with server key
  ✘ Server returns an encrypted master key
✘ Digital signatures used in initialization are based on RSA; after initialization, single-key encryption systems like DES can be used

Characteristics of On-Line Payment Systems
✘ Transaction types
✘ Means of settlement
✘ Operational characteristics
✘ Privacy and security
✘ Who takes risks

Secure Electronic Transactions
✘ SET is a payment protocol supporting the use of bank/credit cards for transactions
✘ Supported by MasterCard, Visa, and many companies selling goods and services online
✘ SET is an open industry standard, using RSA public-key and DES single-key encryption

SET Participants & Interactions

Ideal Components of Electronic Cash
✘ Independent of physical location
✘ Security
✘ Privacy
✘ Off-line payment
✘ No need for third-party vendor
✘ Transferability to other users
✘ Divisibility
✘ “Making change”

E-Cash
✘ Created by David Chaum in Amsterdam in 1990
✘ Maintains the anonymity of cash transactions
✘ Users maintain an account with a participating financial institution, and also have a “wallet” on their computer’s hard drive
✘ Digital coins, or tokens, are stored in the wallet

Electronic Commerce Infrastructure
✘ Intrabusiness
  ✘ Intranet based
  ✘ Supports internal transactions and transfers
✘ Business-to-Business (BTB or B2B)
  ✘ Extranet based
✘ Business-to-Consumer (BTC or B2C)
  ✘ Internet based

Importance of BTB Commerce

Firewalls
✘ Used to provide security for computers inside of a given network
✘ All traffic to/from network passes through firewall
✘ Only authorized traffic is allowed through
✘ Firewall itself is a secure system
✘ Firewall performs authentication on users
✘ Firewall may encrypt transmissions

Free Trade Zones (FTZ)
✘ Area where communication and transactions occur between trusted parties
✘ Isolated from both the external environment and the enterprise’s internet network
✘ Supported by firewalls on both ends
✘ Inside the FTZ, all communications can be in clear mode without any encryption
✘ Necessary because logical boundaries between BTB and IB are becoming fuzzy
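
The four handshake steps on the SSL Implementation slide can be traced in a small model; this is an added example, not code from the slides or from any SSL library. Assumptions: a constructed toy RSA key without padding, an HMAC-based keystream standing in for the single-key cipher (the slide names DES), certificate validation omitted, and the final step modelled as the server returning the client's challenge encrypted under the master key.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key from two known Mersenne primes (hypothetical values,
# far too small and unpadded for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Single-key stand-in cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def server_respond(private_d: int, enc_master: int, challenge: bytes) -> bytes:
    """Step 4: recover the master key and prove it by encrypting the challenge."""
    master = pow(enc_master, private_d, N).to_bytes(19, "big")[-16:]
    return keystream_xor(master, challenge)


def handshake(server_private_d: int = D) -> bool:
    """Run the four steps; True only if the server holds the matching private key."""
    challenge = secrets.token_bytes(16)   # step 1: client challenge text
    pub_n, pub_e = N, E                   # step 2: server's public key (from its certificate)
    master = secrets.token_bytes(16)      # step 3: client picks the master key...
    enc_master = pow(int.from_bytes(master, "big"), pub_e, pub_n)  # ...and encrypts it
    reply = server_respond(server_private_d, enc_master, challenge)
    # The client decrypts the reply with its own copy of the master key.
    return hmac.compare_digest(keystream_xor(master, reply), challenge)


if __name__ == "__main__":
    print("genuine server accepted:", handshake())
    print("impostor without the private key accepted:", handshake(D + 2))
```

A server that cannot decrypt the master key cannot produce a valid reply, which is why the public-key step authenticates the server before the cheaper single-key cipher takes over.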